From 0b208334ef0247aad9afcaae8003954423b61a0d Mon Sep 17 00:00:00 2001
From: Nigel Foucha
Date: Wed, 9 Oct 2019 11:37:40 -0400
Subject: [PATCH] Dynamically load apiserver id from kube config
---
 config/kube_config.py | 7 ++--
 config/kube_config_test.py | 73 +++++++++++++++++++++++++++++++++++---
 2 files changed, 73 insertions(+), 7 deletions(-)
diff --git a/config/kube_config.py b/config/kube_config.py
index ddfd0b38..469e8aee 100644
--- a/config/kube_config.py
+++ b/config/kube_config.py
@@ -249,12 +249,15 @@ def _refresh_azure_token(self, config):
 tenant = config['tenant-id']
 authority = 'https://login.microsoftonline.com/{}'.format(tenant)
 context = adal.AuthenticationContext(
- authority, validate_authority=True,
+ authority, validate_authority=True, api_version='1.0'
 )
 refresh_token = config['refresh-token']
 client_id = config['client-id']
+ apiserver_id = config.get(
+ 'apiserver-id',
+ '00000002-0000-0000-c000-000000000000')
 token_response = context.acquire_token_with_refresh_token(
- refresh_token, client_id, '00000002-0000-0000-c000-000000000000')
+ refresh_token, client_id, apiserver_id)
 provider = self._user['auth-provider']['config']
 provider.value['access-token'] = token_response['accessToken']
diff --git a/config/kube_config_test.py b/config/kube_config_test.py
index c8fb7967..fd00903e 100644
--- a/config/kube_config_test.py
+++ b/config/kube_config_test.py
@@ -457,6 +457,20 @@ class TestKubeConfigLoader(BaseTestCase):
 "user": "azure_str_error"
 }
 },
+ {
+ "name": "azure_no_apiserver",
+ "context": {
+ "cluster": "default",
+ "user": "azure_no_apiserver"
+ }
+ },
+ {
+ "name": "azure_bad_apiserver",
+ "context": {
+ "cluster": "default",
+ "user": "azure_bad_apiserver"
+ }
+ },
 {
 "name": "expired_oidc",
 "context": {
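Review bot: In `_refresh_azure_token` (config/kube_config.py), `config.get('apiserver-id', ...)` falls back to the default only when the key is absent, so an empty or null `apiserver-id` in the kubeconfig is passed as the resource to `acquire_token_with_refresh_token`; `apiserver_id = config.get('apiserver-id') or '00000002-0000-0000-c000-000000000000'` would cover that case. Every other read in this function uses `config[...]`, and `provider` needs `.value` to reach its dict, so if `config` is the same wrapper type it may not offer `.get` at all, which is worth confirming because the tests added by this patch only call `_azure_is_expired`. Since this value now selects the resource for the token that is then stored as `access-token`, a comment such as `# apiserver-id from the kubeconfig selects the resource the refresh token is redeemed for` would make that trust decision explicit. The added `api_version='1.0'` is not mentioned in the commit message and deserves a comment giving the reason. The function starts and ends outside the hunk.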
@@ -647,7 +661,7 @@ class TestKubeConfigLoader(BaseTestCase):
 "auth-provider": {
 "config": {
 "access-token": TEST_AZURE_TOKEN,
- "apiserver-id": "ApiserverId",
+ "apiserver-id": "00000002-0000-0000-c000-000000000000",
 "environment": "AzurePublicCloud",
 "refresh-token": "refreshToken",
 "tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
@@ -662,7 +676,7 @@ class TestKubeConfigLoader(BaseTestCase):
 "auth-provider": {
 "config": {
 "access-token": TEST_AZURE_TOKEN,
- "apiserver-id": "ApiserverId",
+ "apiserver-id": "00000002-0000-0000-c000-000000000000",
 "environment": "AzurePublicCloud",
 "expires-in": "0",
 "expires-on": "156207275",
@@ -679,7 +693,7 @@ class TestKubeConfigLoader(BaseTestCase):
 "auth-provider": {
 "config": {
 "access-token": TEST_AZURE_TOKEN,
- "apiserver-id": "ApiserverId",
+ "apiserver-id": "00000002-0000-0000-c000-000000000000",
 "environment": "AzurePublicCloud",
 "expires-in": "0",
 "expires-on": "2018-10-18 00:52:29.044727",
@@ -696,7 +710,7 @@ class TestKubeConfigLoader(BaseTestCase):
 "auth-provider": {
 "config": {
 "access-token": TEST_AZURE_TOKEN,
- "apiserver-id": "ApiserverId",
+ "apiserver-id": "00000002-0000-0000-c000-000000000000",
 "environment": "AzurePublicCloud",
 "expires-in": "0",
 "expires-on": "2018-10-18 00:52",
@@ -713,7 +727,7 @@ class TestKubeConfigLoader(BaseTestCase):
 "auth-provider": {
 "config": {
 "access-token": TEST_AZURE_TOKEN,
- "apiserver-id": "ApiserverId",
+ "apiserver-id": "00000002-0000-0000-c000-000000000000",
 "environment": "AzurePublicCloud",
 "expires-in": "0",
 "expires-on": "-1",
@@ -724,6 +738,39 @@ class TestKubeConfigLoader(BaseTestCase): } } }, + { + "name": "azure_no_apiserver", + "user": { + "auth-provider": { + "config": { + "access-token": TEST_AZURE_TOKEN, + "environment": "AzurePublicCloud", + "expires-in": "0", + "expires-on": "156207275", + "refresh-token": "refreshToken", + "tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433" + }, + "name": "azure" + } + } + }, + { + "name": "azure_bad_apiserver", + "user": { + "auth-provider": { + "config": { + "access-token": TEST_AZURE_TOKEN, + "apiserver-id": "ApiserverId", + "environment": "AzurePublicCloud", + "expires-in": "0", + "expires-on": "156207275", + "refresh-token": "refreshToken", + "tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433" + }, + "name": "azure" + } + } + }, { "name": "expired_oidc", "user": { @@ -1047,6 +1094,22 @@ def test_azure_with_expired_int_error(self): provider = loader._user['auth-provider'] self.assertRaises(ValueError, loader._azure_is_expired, provider) + def test_azure_with_no_apiserver(self): + loader = KubeConfigLoader( + config_dict=self.TEST_KUBE_CONFIG, + active_context="azure_no_apiserver", + ) + provider = loader._user['auth-provider'] + self.assertTrue(loader._azure_is_expired(provider)) + + def test_azure_with_bad_apiserver(self): + loader = KubeConfigLoader( + config_dict=self.TEST_KUBE_CONFIG, + active_context="azure_bad_apiserver", + ) + provider = loader._user['auth-provider'] + self.assertTrue(loader._azure_is_expired(provider)) + def test_user_pass(self): expected = FakeConfig(host=TEST_HOST, token=TEST_BASIC_TOKEN) actual = FakeConfig()
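Review bot: `test_azure_with_no_apiserver` and `test_azure_with_bad_apiserver` only assert `loader._azure_is_expired(provider)`, which from the fixtures appears to depend on `expires-on` alone, so neither the default nor a kubeconfig-supplied `apiserver-id` is exercised by these tests. Both new fixtures also lack a `client-id`, which `_refresh_azure_token` reads before the new lookup, so they could not drive a refresh as written. A test that stubs `adal.AuthenticationContext` and asserts the third argument passed to `acquire_token_with_refresh_token`, once for the missing key and once for a configured one, would pin the behaviour this commit introduces. That test should use an id different from the fallback, because the existing Azure fixtures were changed to the same GUID as the default and so cannot tell the two paths apart.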